And the user has connected and Pusher has assigned that user with a socket_id with the value 1234.1234.

Given that your application receives a POST request to /pusher/auth with the parameters

channel_name=private-foobar&socket_id=1234.1234

You would first check that the user (authenticated via cookies or whatever) has permission to access channel private-foobar. If she has permission you would create a HMAC SHA256 hex digest of the following string using your secret key

Presence channels require extra user data to be passed back to the client along with the auth string. These data need to be part of the signature as a valid JSON string. For presence channels, the signature is a HMAC SHA256 hex digest of the following string:

The auth response should be a JSON string with a an auth property with a value composed of the application key and the authentication signature separated by a colon ‘:’. A channel_data property should also be present composed of the data for the channel as a string (note: double-encoded JSON):